pk.org: CS 419/Lecture Notes

Program Containment

Paul Krzyzanowski – March 23, 2025

Terms and concepts you should know
  • chroot jails
  • Deficiencies of chroot
  • Jailkits
  • FreeBSD Jail improvements
  • Linux Namespaces
  • clone() system call
  • Linux capabilities
  • Linux control groups
  • Lightweight process virtualization
  • Container components
  • Copy on write (CoW) file system
  • AppArmor
  • Container orchestration
  • Operating system level virtualization
  • Process virtual machines
  • Virtual machines
  • Hypervisor (virtual machine monitor)
  • Trap & emulate
  • Guest mode execution
  • Native (bare metal) VM vs. hosted VM
  • Covert channel